Overview

overview

10

Static

static

3

setup.exe

windows10-2004-x64

10

setup.exe

windows11-21h2-x64

10

Resubmissions

08-01-2025 01:16

250108-bm46vszkaj 10

07-01-2025 22:37

250107-2jz1vatpdr 10

07-01-2025 22:11

250107-14bnbasrfr 10

06-01-2025 21:24

250106-z9bd3ayjes 10

06-01-2025 04:52

250106-fhgxzsyphk 10

06-01-2025 04:46

250106-fdzl8sypaj 10

06-01-2025 04:34

250106-e679eaymcj 10

06-01-2025 04:26

250106-e2kybawlex 10

06-01-2025 03:47

250106-ecn9favpcw 10

06-01-2025 03:19

250106-dvk43avkaw 10

Analysis

  • max time kernel
    14s
  • max time network
    16s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-01-2025 22:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    setup.exe

  • Size

    793KB

  • MD5

    5b3e5ace672f4250aeb06382579d165d

  • SHA1

    5f1d413192d92fa9a58cd5208963cda6c6c7c678

  • SHA256

    1f8c9a3874f67a64d9ffff9f73d608d62dbd93a443404d969455e03b62e5fd48

  • SHA512

    115551e9a8186986761c03d66928e432410b9c310f2dd862155cfddf1dd01133563a611e12998e898cbd78dce5ad8c2f4da923c5c2e3cec08d20bd38d644695c

  • SSDEEP

    12288:d3K1Pp+lMeB8UODTAFKHMRTviTOODTAFKHMRTviTr:JK1PSMZx0FKsRTqT/0FKsRTqTr

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\setup.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4916
    • C:\Users\Admin\AppData\Local\Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\setup.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2992

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2992-1-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2992-4-0x0000000000DD0000-0x0000000000E9B000-memory.dmp

    Filesize

    812KB

    Download

  • memory/2992-3-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB

    Download

  • memory/4916-0-0x0000000000E00000-0x0000000000E01000-memory.dmp

    Filesize

    4KB

    Download